SSL Certificates' FAQ
How to enable an SSL certificate for a domain
You can install an SSL certificate for your domain with the following commands:
cd /root
curl keitaro.io/enable-ssl.sh > run; bash run -D domain.com
Important! Make sure the domain has an active A record pointing to the server's IP.
How to install SSL for several domains at once
cd /root
curl keitaro.io/enable-ssl.sh > run; bash run -D domain.com,domain2.com,domain3.com
The script will not work if the server was not configured by the single-click installation script.
Important! Make sure each domain has an active A record pointing to the server's IP.
How to enable SSL for a domain with CloudFlare
You need to enable SSL on CloudFlare if the domain is integrated with CloudFlare.
Error: Unknown error during the installation
Run the following commands:
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --install-only
mv -f certbot-auto /usr/bin/certbot
Enter “y” at the Is this ok [y/d/N]: prompt.
Try to run the SSL installation process again.
SSL certificate is issued but shown as invalid in a browser
If you issued certificates for more than 100 domains, delete the old and unnecessary domains. Run the following commands:
export domains="domain1.com domain2.com domain3.com"
for domain in $domains; do
  echo "Deleting $domain"
  rm -f "/etc/nginx/conf.d/$domain.conf"
  certbot delete --cert-name "$domain"
done
The certificate isn't issued, enable-ssl script shows unknown error
Update the certbot utility:
curl -sSL https://dl.eff.org/certbot-auto > certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --install-only
mv certbot-auto /usr/bin/certbot-2
Delete SSL certificates
If you need to remove the SSL certificate from a domain of your site, you can use our special script, which deletes the SSL certificate and the domain. The script takes the domain name as a parameter. To delete an SSL certificate, use the following command:
curl https://raw.githubusercontent.com/apliteni/centos_provision/current/scripts/delete-ssl.sh > delete-ssl; bash delete-ssl domain.com
Here domain.com is the name of the domain whose certificate you want to revoke and delete. All certificates, their files and keys, and the nginx configuration files of the selected domain (located in /etc/nginx/conf.d/) will be deleted.
CA key file validation check
There could be cases when you issue an SSL certificate for a parked domain in your tracker and the domain still won't work after the certificate was issued (even if issuance succeeded), and an SSL certificate validation service (SSL Labs, for example) shows the error “certificate name mismatch”. That means the domain name for which the SSL certificate was issued conflicts, in the chain of keys (in the pem keys), with the certificate of another domain that was issued previously (paid certificates, manually self-issued certificates, etc.).
Specifically, when you check the certificate name, it shows the domain name of the problem certificate that the domain conflicts with. In this case you need to delete all the keys and certificates of that domain from the server, and also delete all the nginx configuration files related to it. You can do so easily with the command from the Delete SSL certificates section above, but first you need to check which CA key file is causing the conflict. To do so, check which CA name is linked to the key file:
openssl verify -verbose -x509_strict -CAfile key_file_name.pem
Which will show you:
key_file_name.pem : CN = problemcertificate.ru
error 20 at 0 depth lookup:unable to get local issuer certificate
This means that our SSL certificate wasn't checked by the local domain issuer, since the check of the Certificate Name (CN) of this file returned “unable to get local issuer certificate”. To fix this issue, delete the SSL certificates and key files of the problem domain together with its nginx config, then restart nginx. After that, all your domains should work over https.
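To find the conflicting file without checking each pem file by hand, the sketch below lists every certificate file in a directory that does not cover the domain you expect. It is an added example, not part of Keitaro's scripts: the function names are hypothetical, the directory is a placeholder you supply, and it goes beyond the CN check above by also reading subjectAltName entries.

```shell
#!/bin/sh
# Added example (not Keitaro's code). Lists certificate files under a directory
# whose names do not cover the domain you expect.

# Extract the CN from one line of `openssl x509 -noout -subject` output.
# Handles the OpenSSL 1.1+ form  "subject=C = US, CN = example.com"
# and the older slash form       "subject= /C=US/CN=example.com".
subject_cn() {
  printf '%s\n' "$1" | sed -n 's|^.*CN *= *\([^,/]*\).*$|\1|p'
}

# Print every DNS name a certificate file covers: subject CN plus SAN entries.
cert_names() {
  subject_cn "$(openssl x509 -in "$1" -noout -subject 2>/dev/null)"
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# Print one line per *.pem under DIR whose certificate does not cover DOMAIN.
# No output means no conflicting certificate file was found.
find_conflicting_certs() {
  domain=$1
  dir=$2
  find "$dir" -name '*.pem' | while IFS= read -r file; do
    # Skip PEM files that hold no certificate (private keys, for instance).
    openssl x509 -in "$file" -noout 2>/dev/null || continue
    names=$(cert_names "$file" | sort -u | tr '\n' ' ')
    case " $names" in
      *" $domain "*) ;;                 # exact name match
      *" *.${domain#*.} "*) ;;          # wildcard covering the domain
      *) echo "$file: covers [${names% }], not $domain" ;;
    esac
  done
}

# Usage (the directory is a placeholder, point it at your certificate files):
#   find_conflicting_certs domain.com /path/to/certificates
```

Each line it prints names a file whose certificate was issued for some other domain; those are the candidates to remove with the delete script before restarting nginx.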